All articles tagged with #cl0p
Hackers linked to Cl0p exploited a zero-day flaw in Oracle's E-Business Suite to breach dozens of organizations, using sophisticated malware and extortion tactics, with ongoing assessments of the full scope of the attack.
Oracle released an emergency patch for a critical vulnerability (CVE-2025-61882) in its E-Business Suite, which has been exploited by the Cl0p ransomware group in recent data theft attacks. The flaw allows remote code execution without authentication, and indicators suggest involvement of the LAPSUS$ group. Organizations are advised to check for compromises, as exploitation has already occurred.
The personal information of about 769,000 retired California employees and other beneficiaries, including Social Security numbers, was among data stolen by Russian cybercriminals in the breach of a popular file-transfer application. The California Public Employees Retirement system blamed the breach on a third-party vendor that verifies deaths. The same vendor, PBI Research Services/Berwyn Group, also lost the personal data of at least 2.5 million Genworth Financial policyholders, including Social Security numbers, to the same criminal gang, according to the Fortune 500 insurer. The criminal gang behind the hack, known as Cl0p, is extorting victims, threatening to dump their data online if they don’t pay up.
The personal information of about 769,000 retired California employees and other beneficiaries, including Social Security numbers, was among data stolen by Russian cybercriminals in the breach of a popular file-transfer application. The California Public Employees Retirement system blamed the breach on a third-party vendor that verifies deaths. The same vendor, PBI Research Services/Berwyn Group, also lost the personal data of at least 2.5 million Genworth Financial policyholders, including Social Security numbers, to the same criminal gang, according to the Fortune 500 insurer. The criminal gang behind the hack, known as Cl0p, is extorting victims, threatening to dump their data online if they don’t pay up.
Progress Software has fixed a third SQL injection vulnerability (CVE-2023-35708) in its MOVEit Transfer web application, which could lead to escalated privileges and unauthorized access. The Cl0p cyber extortion gang exploited a previous vulnerability (CVE-2023-34362) to grab enterprise data and has started disclosing the names of victim organizations, including Shell, banks, media companies, and universities. Progress Software has urged customers to update their MOVEit Transfer installations to the latest versions to fix the vulnerability.
A Russian ransomware gang, Cl0p, breached the Department of Energy and several other federal agencies through a file-transfer program called MOVEit, which is widely used by businesses to securely share files. The impact is not expected to be great, and the attack is largely opportunistic. The gang claimed that its victims numbered in the hundreds, including patrons of at least two state motor vehicle agencies, and demanded a ransom. The U.S. officials have no evidence to suggest coordination between Cl0p and the Russian government.
Russian-speaking cybercrime group CL0P has stolen information from dozens of companies, including federal U.S. agencies, by exploiting a flaw in the MOVEIt computer program. The group, which is an established ransomware group, has listed many of the companies as victims on its website, and many of the organizations named have confirmed their data was stolen. The number of victims is likely to be significantly higher than currently known, with cybersecurity experts estimating that CL0P has likely stolen files from "at least hundreds, if not more," of organizations.
A "small number" of federal agencies in the US have been breached by the Cl0p ransomware gang, and officials are working to assess the data stolen and mitigate the impact. The attack raises concerns about the US's ability to defend itself from overseas hacking gangs.
The US Department of Energy has received ransom demands from the Russia-linked extortion group Cl0p at both its nuclear waste facility and scientific education facilities that were recently hit in a global hacking campaign. The energy department contractor Oak Ridge Associated Universities and the Waste Isolation Pilot Plant, the New Mexico-based facility for disposal of defence-related radioactive nuclear waste, were hit in the attack, which exploited a vulnerability in a widely used software. The requests came in emails to each facility, but the two entities did not engage with Cl0p, and there was no indication that the ransom requests were withdrawn.
Several U.S. federal agencies have been hacked as part of a broader cyberattack that exploited a vulnerability in the popular file sharing software MOVEIt. The Cybersecurity and Infrastructure Security Agency is investigating the scope of the hacks and providing support to affected agencies. The hackers, believed to be the ransomware group CL0P, have stolen data from at least 47 organizations and demanded payment not to publish them online. It is unclear whether the stolen files were sensitive or whether the hackers had disrupted government systems. This is the third known time in as many years that foreign hackers have been able to break into multiple federal agencies and steal information.